W/WallpaperManager( 553): WallpaperService not running - Android Q&A, Help & Troubleshooting

Hello!
I got a new EINK Android (4.2.2) based e-book reader and I have a problem with changing the wallpaper.
In any launcher I have tested, nothing happens when I try to change the wallpaper, and I get this in the system log:
Code:
W/WallpaperManager( 553): WallpaperService not running
List of services on device:
Code:
Found 64 services:
0 commontime_management: []
1 samplingprofiler: []
2 diskstats: []
3 appwidget: [com.android.internal.appwidget.IAppWidgetService]
4 backup: [android.app.backup.IBackupManager]
5 uimode: [android.app.IUiModeManager]
6 serial: [android.hardware.ISerialManager]
7 usb: [android.hardware.usb.IUsbManager]
8 audio: [android.media.IAudioService]
9 dropbox: [com.android.internal.os.IDropBoxManagerService]
10 search: [android.app.ISearchManager]
11 country_detector: [android.location.ICountryDetector]
12 location: [android.location.ILocationManager]
13 devicestoragemonitor: []
14 notification: [android.app.INotificationManager]
15 updatelock: [android.os.IUpdateLock]
16 throttle: [android.net.IThrottleManager]
17 servicediscovery: [android.net.nsd.INsdManager]
18 ethernet: [android.net.ethernet.IEthernetManager]
19 connectivity: [android.net.IConnectivityManager]
20 wifi: [android.net.wifi.IWifiManager]
21 wifip2p: [android.net.wifi.p2p.IWifiP2pManager]
22 netpolicy: [android.net.INetworkPolicyManager]
23 netstats: [android.net.INetworkStatsService]
24 textservices: [com.android.internal.textservice.ITextServicesManager]
25 network_management: [android.os.INetworkManagementService]
26 clipboard: [android.content.IClipboard]
27 statusbar: [com.android.internal.statusbar.IStatusBarService]
28 device_policy: [android.app.admin.IDevicePolicyManager]
29 lock_settings: [com.android.internal.widget.ILockSettings]
30 mount: [IMountService]
31 accessibility: [android.view.accessibility.IAccessibilityManager]
32 input_method: [com.android.internal.view.IInputMethodManager]
33 bluetooth_manager: [android.bluetooth.IBluetoothManager]
34 input: [android.hardware.input.IInputManager]
35 window: [android.view.IWindowManager]
36 alarm: [android.app.IAlarmManager]
37 vibrator: [android.os.IVibratorService]
38 battery: []
39 hardware: [android.os.IHardwareService]
40 content: [android.content.IContentService]
41 account: [android.accounts.IAccountManager]
42 user: [android.os.IUserManager]
43 permission: [android.os.IPermissionController]
44 cpuinfo: []
45 dbinfo: []
46 gfxinfo: []
47 meminfo: []
48 activity: [android.app.IActivityManager]
49 package: [android.content.pm.IPackageManager]
50 scheduling_policy: [android.os.ISchedulingPolicyService]
51 telephony.registry: [com.android.internal.telephony.ITelephonyRegistry]
52 display: [android.hardware.display.IDisplayManager]
53 usagestats: [com.android.internal.app.IUsageStats]
54 batteryinfo: [com.android.internal.app.IBatteryStats]
55 power: [android.os.IPowerManager]
56 entropy: []
57 sensorservice: [android.gui.SensorServer]
58 SurfaceFlinger: [android.ui.ISurfaceComposer]
59 drm.drmManager: [drm.IDrmManagerService]
60 media.audio_policy: [android.media.IAudioPolicyService]
61 media.camera: [android.hardware.ICameraService]
62 media.player: [android.media.IMediaPlayerService]
63 media.audio_flinger: [android.media.IAudioFlinger]
Any solution to add/start WallpaperService on this device?

Related

Omnius error

When I try to flash using Omnius I get the following error. Could anyone tell me the cause?
Code:
Action journal
02:58:45 Flash
02:58:45 Allows to change languages supported by the phone and upgrade its firmware.
02:58:45 Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
02:58:45 Application version: 0.07.2279 (beta)
02:58:45 . The action name is 'Flash'
02:58:45 Selected phone type: Xperia™ X10
02:58:45 i Instructions
02:58:45 i 1. Make sure the phone battery is charged to at least 50%.
02:58:45 i 2. Switch off the phone!
02:58:45 i 3. Remove the phone battery and wait at least 5 seconds before reinserting it!
02:58:45 i 4. Press and hold the return back button, then connect the cable to the phone!
02:58:45 . The action started waiting for the user
02:58:51 . The action finished waiting for the user
02:58:51 Connecting via SEMC USB Flash Device (USB2)...
02:58:51 Device driver version: 2.2.0.5
02:58:51 Detected chipset: QSD8250
02:58:51 Boot mode: EROM
02:58:51 Sending loader...
02:58:53 Establishing connection to the server...
02:59:00 Receiving news...
02:59:03 i No news
02:59:04 Actual credit: 0.00
02:59:12 Writing file R11A_R1FB001_FSP_X10a_CLARO_BR_NAM1_1233_6927_S1_SW_LIVE_AC12_0001_S1_PARTITION_WITH_SPARE.zip...
03:01:39 e Failed!
03:01:39 . The action entered shutdown phase
03:01:39 . The action reported failure
Error code
# E39CDD9F86C3082E
Error details
matin_sb said:
When I try to flash using Omnius I get the following error. Could anyone tell me the cause?
Have you definitely downloaded the correct files for flashing on Omnius?
Yes I have, I tried 3,4 different ROMs... why are you saying that?
Because I got a similar message when I tried to flash a .zip file for one of the latest firmwares and it turned out it was compatible with Omnius, so I tried one of the older ones that were specifically made for flashing with Omnius.
Try: http://hotfile.com/dl/47479718/71300fd/i_WWE_R1FB001_DEK.rar.html
or
http://hotfile.com/dl/48677045/e33b2a3/UPDATE_ZIP_R1FB001.rar.html
Instructions: http://forum.xda-developers.com/showpost.php?p=6789689&postcount=324
That's all I can suggest, or use the Flashing Tool provided by Bin4ry.
Hope this helps

[Q] unlocking T959 by decrypt SHA1 hashes (see "Odia")

I have a locked T-Mobile phone: SGH-T959ZKATMB
with firmware: T959UVJI6, BUILD TIME 2010.09.28 21:06:20 KST
I found a good theme about this unlocking method, but I do not have enough rights to write in that theme: http://forum.xda-developers.com/showthread.php?t=1064978
So I am creating a new theme. Sorry.
I found and decrypted the password hashes, but none of these codes unlocks the phone:
Code:
18154B 203BF1566BB0B79A76C78ADB5CCEE7AD171A20BC = '61620862'
18155F 7D3E17CFCD816CACD4E025FAA65004FDD17D51F8 = '00000000'
181573 7D3E17CFCD816CACD4E025FAA65004FDD17D51F8 = '00000000'
181587 7D3E17CFCD816CACD4E025FAA65004FDD17D51F8 = '00000000'
18159B F8F9B9602D0A106032FAB96000000000F0FCE260 = Error
1815CF 389EA0ABE51DC24224CD9DA8146AD5E843134F7B = '51725250'
The same passwords are stored as plain text here:
Code:
008870 00 00 00 00 5B 50 45 52 53 4F 5D 73 74 61 74 65 ....[PERSO]state
008880 5F 69 6E 73 28 73 69 6D 29 20 3D 20 30 00 AA AA _ins(sim) = 0...
...
008900 AA AA AA AA AA AA AA AA AA AA AA AA 35 31 37 32 ............5172
008910 35 32 35 30 35 31 37 32 35 32 35 30 00 36 31 36 525051725250.616
008920 32 30 38 36 32 00 30 30 30 30 30 30 FF FF FF FF 20862.000000....
What is the problem? Do other codes exist, or am I typing them incorrectly? (I insert an alien SIM card and type the codes.)
(File of my phone attached to this message)
If these codes are good, then I can create a half-automatic program for finding and decrypting all the hashes in nv_data.bin
Go to the market
Search "galaxy s unlock"
Done
Sent from my SGH-T959 using XDA Premium App

usb ethernet driver truncate data?

I am trying to connect my phone to a device with the phone acting as the host (using the OTG USB cable).
Once connected, I have a new entry "usb0" when I do ifconfig.
I assigned 192.168.3.100 to the phone and 192.168.3.99 to the device.
When I do a tcpdump, I saw that the ARP request from the phone got to the device correctly and the device answered correctly, but by the time the reply gets to the phone, it is no longer correct. I suspect that this is the problem within the u_ether driver/gadget.
When the device replies to the ARP request, tcpdump on the device gives:
2 0.000091 5a:65:6b:1b:de:37 62:18:d4:57:77:6c ARP 42 192.168.3.99 is at 5a:65:6b:1b:de:37
Frame 2: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: 5a:65:6b:1b:de:37 (5a:65:6b:1b:de:37), Dst: 62:18:d4:57:77:6c (62:18:d4:57:77:6c)
0000 62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06 00 01 b..WwlZe k..7....
0010 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 03 63 ......Ze k..7...c
0020 62 18 d4 57 77 6c c0 a8 03 64 b..Wwl.. .d
Which is correct. However, tcpdump on the phone gives:
2 0.000030 CatenaNe_65:6b:1b AvlabTec_00:06:04 0xde37 28 Ethernet II
Frame 2: 28 bytes on wire (224 bits), 28 bytes captured (224 bits)
Ethernet II, Src: CatenaNe_65:6b:1b (00:02:5a:65:6b:1b), Dst: AvlabTec_00:06:04 (00:01:08:00:06:04)
0000 00 01 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 ........ Zek..7..
0010 03 63 62 18 d4 57 77 6c c0 a8 03 64 .cb..Wwl ...d
From the look of it, the section "62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06" is missing from the frame.
I suspected that I have to make changes to "drivers/usb/gadget/u_ether.c" and/or "drivers/net/usb/cdc_ether.c" but I am not so sure. Do you know where a good place to start tackling this problem is? I tried to put printk statements everywhere in those files but it proved fruitless.
I have tried to do "ethernet over usb" with a Windows machine (RNDIS) and that worked properly.
Thank you.
bug in usbnet driver
The problem I found out was that there were two consecutive calls to "remove header" in the driver.
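The comparison made in this thread can be checked mechanically. The following is an added example (not code from the posters or from the kernel driver) that takes the two frames from the tcpdump output above, confirms that the phone-side frame is the device-side frame minus exactly one Ethernet header, and shows that what remains is an intact ARP reply; the function names are hypothetical.

```python
import ipaddress
import struct

ETH_HLEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)

# Frame bytes copied from the two tcpdump hex dumps in the post above.
SENT_BY_DEVICE = bytes.fromhex(
    "62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06 00 01 "
    "08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 03 63 "
    "62 18 d4 57 77 6c c0 a8 03 64"
)
SEEN_ON_PHONE = bytes.fromhex(
    "00 01 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 "
    "03 63 62 18 d4 57 77 6c c0 a8 03 64"
)


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame):
    """Interpret the first 14 bytes as an Ethernet II header, as a sniffer would."""
    if len(frame) < ETH_HLEN:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
            "ethertype": ethertype, "payload": frame[ETH_HLEN:]}


def parse_arp(payload):
    """Return the ARP fields if payload is IPv4-over-Ethernet ARP, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "oper": oper,  # 1 = request, 2 = reply
        "sender_mac": mac(payload[8:14]),
        "sender_ip": str(ipaddress.IPv4Address(payload[14:18])),
        "target_mac": mac(payload[18:24]),
        "target_ip": str(ipaddress.IPv4Address(payload[24:28])),
    }


def stripped_prefix(sent, received):
    """Return the leading bytes of `sent` that are absent from `received`,
    or None if `received` is not a suffix of `sent`."""
    k = len(sent) - len(received)
    if k >= 0 and sent[k:] == received:
        return sent[:k]
    return None


def diagnose(sent, received):
    prefix = stripped_prefix(sent, received)
    return {
        "bytes_missing": None if prefix is None else len(prefix),
        # True when the missing bytes are exactly the frame's Ethernet header.
        "eth_header_missing": prefix == sent[:ETH_HLEN],
        # The received bytes, read directly as ARP (no Ethernet header left).
        "remaining_arp": parse_arp(received),
        # What a sniffer shows when it still expects an Ethernet header.
        "misparsed_as": parse_ethernet(received),
    }


if __name__ == "__main__":
    result = diagnose(SENT_BY_DEVICE, SEEN_ON_PHONE)
    for key, value in result.items():
        print(key, "=", value)
```

The misparsed fields reproduce the bogus addresses and the 0xde37 "EtherType" in the phone-side tcpdump line, which is what a frame looks like when its header has already been removed once before the capture point.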

[UNLOCK bootloader]Using USB sniffing tool

Hi all,
I have a Redmi Note 3 Special Edition (KATE) using MIUI 8 global 7.1.19 | Beta (6.0.1 MMB29M)
and I'm trying to unlock it using the official method but, as I have seen in a lot of cases, it is stuck at 50%.
I tried to follow a lot of threads (including the unofficial method), but nothing works.
Now I'm using a USB sniffer (h**p://freeusbanalyzer.com/) (this is a free one, but any USB sniffing tool could be enough) and I watch what happens between the MiUnlock tool (MiFlashUnlock_1.1.0317.1_en) and my phone.
This is the log:
Code:
000000: PnP Event: Device Connected (UP), 2017-02-05 09:50:43,9853586 (1. Device: Android Bootloader Interface)
The USB device has just been connected to the system.
000001: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,4340120 +10,4486485 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000002: Control Transfer (UP), 2017-02-05 09:50:54,4352269 +0,0012149. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €.....@.
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000003: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,4353628 +0,0001359 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xe bytes to the device
67 65 74 76 61 72 3A 70 72 6F 64 75 63 74 getvar:product
000006: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,4362125 +0,0006771. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x8 bytes from the device
4F 4B 41 59 6B 61 74 65 OKAYkate
000007: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,5170053 +0,0807928 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000008: Control Transfer (UP), 2017-02-05 09:50:54,5182476 +0,0012423. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €.....@.
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000009: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,5183864 +0,0001388 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xd bytes to the device
67 65 74 76 61 72 3A 73 6F 63 2D 69 64 getvar:soc-id
000012: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,5192327 +0,0005505. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000013: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,5861826 +0,0669499 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000014: Control Transfer (UP), 2017-02-05 09:50:54,5873706 +0,0011880. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €.....@.
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000015: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,5875075 +0,0001369 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xd bytes to the device
67 65 74 76 61 72 3A 73 6F 63 5F 69 64 getvar:soc_id
000018: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,5883543 +0,0006893. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000019: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,6663795 +0,0780252 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000020: Control Transfer (UP), 2017-02-05 09:50:54,6676384 +0,0012589. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €.....@.
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000021: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,6677675 +0,0001291 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0x14 bytes to the device
67 65 74 76 61 72 3A 62 6F 61 72 64 5F 76 65 72 getvar:board_ver
73 69 6F 6E sion
000024: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,6686480 +0,0007040. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000025: Get Descriptor Request (DOWN), 2017-02-05 09:51:54,3349831 +59,6663351 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000026: Control Transfer (UP), 2017-02-05 09:51:54,3362591 +0,0012760. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €.....@.
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000027: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:51:54,3366136 +0,0003545 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0x7 bytes to the device
6F 65 6D 20 6C 6B 73 oem lks
000030: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,3374902 +0,0001624. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x13 bytes from the device
46 41 49 4C 75 6E 6B 6E 6F 77 6E 20 63 6F 6D 6D FAILunknown comm
61 6E 64 and
000031: Get Descriptor Request (DOWN), 2017-02-05 09:51:54,4131364 +0,0756462 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000032: Control Transfer (UP), 2017-02-05 09:51:54,4143474 +0,0012110. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €.....@.
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000033: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:51:54,4144867 +0,0001393 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xf bytes to the device
6F 65 6D 20 64 65 76 69 63 65 2D 69 6E 66 6F oem device-info
000036: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4153437 +0,0006957. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x1b bytes from the device
49 4E 46 4F 09 44 65 76 69 63 65 20 74 61 6D 70 INFO.Device tamp
65 72 65 64 3A 20 66 61 6C 73 65 ered: false
000038: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4163381 +0,0009279. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x1b bytes from the device
49 4E 46 4F 09 44 65 76 69 63 65 20 75 6E 6C 6F INFO.Device unlo
63 6B 65 64 3A 20 66 61 6C 73 65 cked: false
000040: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4173369 +0,0009572. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x24 bytes from the device
49 4E 46 4F 09 44 65 76 69 63 65 20 63 72 69 74 INFO.Device crit
69 63 61 6C 20 75 6E 6C 6F 63 6B 65 64 3A 20 66 ical unlocked: f
61 6C 73 65 alse
000042: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4183362 +0,0009577. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x21 bytes from the device
49 4E 46 4F 09 43 68 61 72 67 65 72 20 73 63 72 INFO.Charger scr
65 65 6E 20 65 6E 61 62 6C 65 64 3A 20 74 72 75 een enabled: tru
65 e
000044: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4193375 +0,0009602. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x14 bytes from the device
49 4E 46 4F 09 44 69 73 70 6C 61 79 20 70 61 6E INFO.Display pan
65 6C 3A 20 el:
000046: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4203363 +0,0009568. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000047: Get Descriptor Request (DOWN), 2017-02-05 09:51:54,4849557 +0,0646194 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000048: Control Transfer (UP), 2017-02-05 09:51:54,4861066 +0,0011509. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €.....@.
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000049: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:51:54,4862122 +0,0001056 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xc bytes to the device
67 65 74 76 61 72 3A 74 6F 6B 65 6E getvar:token
000052: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4870975 +0,0006893. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x1c bytes from the device
4F 4B 41 59 45 44 71 49 31 37 50 42 51 6F 7A 4B OKAYEDqI17PBQozK
74 50 61 6B 77 7A 36 38 42 41 59 6F tPakwz68BAYo
Now I see that the oem lks command is failing with unknown command
6F 65 6D 20 6C 6B 73 oem lks
000030: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,3374902 +0,0001624. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x13 bytes from the device
46 41 49 4C 75 6E 6B 6E 6F 77 6E 20 63 6F 6D 6D FAILunknown comm
Has anybody else tried to sniff the USB communication between the Mi Unlock tool and the phone?
If your OFFICIAL unlock process is working, can you please post a log of your sniff? Maybe we can find the true commands that can unlock the phone without any permissions/rights.
Do you know what the oem lks command is doing?

Possible new way of unlocking the bootloader

Hello there, this is my first post here
I bought this phone like 10 days ago and waited 168 hours to unlock the bootloader
Everything went fine and now I have the bootloader unlocked
During the process of unlocking I sniffed the usb and internet connection and I found some very interesting things
I have had lg, motorola and nexus phones before so I'm used to multiple methods of unlocking the bootloader and I wish every phone was like the nexus in this regard(fastboot oem unlock), but as this is not the case this is what I found:
miflash obtains a code from the device with:
Code:
fastboot getvar token
the device responds with (in my case):
Code:
token: VQEBIQEQ69vxY17MOJnHQZD5Z0e9EwMHY2VwaGV1cwIEWgN-kQ
Finished. Total time: 0.000s
miflash uses this code in their api:
https:// unlock update intl miui com(ip: 161.117.108.114)
their api responds with(in my case):
Code:
sign result:{
"code" : 0,
"description" : "私钥签名成功", //Private key signature succeeded
"encryptData" : "5934D848743BECCFE6C895C128D62E66F9B5300617D53CC89C601E325153898CBA09D9D8849A5E62BB5EBFDF9788D958F307E676D84AACB2236F979FC9286FC91B1135D4E4AE40F8B7DD2FF3365D7D9B648B8D9556D0B1A4CBB1DDF459CD8109253F2E6131BD358A74D2159145BE18BD1CEB7D58B7236083D22BD865DB4EBBE64585F7E31656A5F807294B807981CF20C2E3D4E22E3543B9E24CA91C5F82E948636FE66A32B8E17ACF4B4828CBB67971A8B743D973A2B075505CC252F66E1DA62FCB4298483906597C926A337D5EB14EC061EB6D38A629869B6CBB572D6BAE5AE5D6C7306766870037A224E322866BFF4766A06C7CB73982152C10374976F5FD",
"uid" : "<mi account ID>"
}
This is the last application data that miflash receives:
With "encryptData", miflash executes the following:
Code:
fastboot oem unlock "1f2ebb62_sig.data"
something similar to LG approach with unlock.bin
I suspect that this file is temporarily created inside the miflash folder then deleted once the command is executed
So I think if we can save this file or the code inside it, it will be possible to unlock the bootloader without miflash the next time we want to unlock the bootloader.
I searched for "1f2ebb62_sig" on Google and didn't find any results, so I hope that we can find something.
All this information is present inside of the file "C:\Users\%USERNAME%\AppData\Roaming\Xiaomi\miflash_unlock\Log\miflash_unlock.log"
[EDIT] As pointed out by @natinusala the 1f2ebb62_sig file contains the serial number in the name
[EDIT] Token var changes every reboot
[EDIT] Progress has been made, check this github repos:
https://github.com/penn5/miunlock
https://github.com/GiorgioUghini/miunlock
I would assume 1f2ebb62 to be your serial number? If so, that file is unique to each device
natinusala said:
I would assume 1f2ebb62 to be your serial number? If so, that file is unique to each device
Yes it is, great observation
If you are interested, visit this repository, but also read the ISSUES COMMENTS. You can find very useful information about your idea.
https://github.com/mc-17/xiaomi-bootloader/blob/master/README.md
mucha.k1994 said:
If you are interested, visit this repository, but also read the ISSUES COMMENTS. You can find very useful information about your idea.
https://github.com/mc-17/xiaomi-bootloader/blob/master/README.md
Very interesting
There seem to be far more things besides the 'sig.data' file.
I'm thinking about studying this a little to re-open that thread on GitHub. Sadly, the owner of the repo wrote their last comment more than a year ago, but in the comments (I mean issues) the last comment was from a few weeks ago. The idea is not fully dead. If you have any skill in spoofing and encrypting/decrypting, join the GitHub conversation.
BTW, as I read somewhere, one part of the token is probably always the same (after reboots, I mean), and someone tried replacing the token with multiple 0s while keeping the repeated part untouched, and it still passed the server-side "magic". That's interesting too.
Actually, I think the final trick is to somehow get data from the server side: a script, private keys or similar. Then you can know exactly how they generate a key for unlocking.
Seems to be easy.
mucha.k1994 said:
I'm thinking about studying this a little to re-open that thread on GitHub. Sadly, the owner of the repo wrote their last comment more than a year ago, but in the comments (I mean issues) the last comment was from a few weeks ago. The idea is not fully dead. If you have any skill in spoofing and encrypting/decrypting, join the GitHub conversation.
BTW, as I read somewhere, one part of the token is probably always the same (after reboots, I mean), and someone tried replacing the token with multiple 0s while keeping the repeated part untouched, and it still passed the server-side "magic". That's interesting too.
Actually, I think the final trick is to somehow get data from the server side: a script, private keys or similar. Then you can know exactly how they generate a key for unlocking.
Seems to be easy.
I hope that we can find something. As you said, the problem is that the "magic" happens on the server side, and even if we can create some program to handle the process like https://github.com/penn5 and https://github.com/GiorgioUghini did, Xiaomi can always update their side without anyone being able to do anything.
eseub said:
Hello there, this is my first post here
I bought this phone like 10 days ago and waited 168 hours to unlock the bootloader
Everything went fine and now I have the bootloader unlocked
During the process of unlocking I sniffed the usb and internet connection and I found some very interesting things
I have had LG, Motorola and Nexus phones before, so I'm used to multiple methods of unlocking the bootloader, and I wish every phone was like the Nexus in this regard (fastboot oem unlock), but as this is not the case, this is what I found:
miflash obtains a code from the device with:
Code:
fastboot getvar token
the device responds with (in my case):
Code:
token: VQEBIQEQ69vxY17MOJnHQZD5Z0e9EwMHY2VwaGV1cwIEWgN-kQ
Finished. Total time: 0.000s
miflash uses this code in their API:
https:// unlock update intl miui com (ip: 161.117.108.114)
Their API responds with (in my case):
Code:
sign result:{
"code" : 0,
"description" : "私钥签名成功", //Private key signature succeeded
"encryptData" : "5934D848743BECCFE6C895C128D62E66F9B5300617D53CC89C601E325153898CBA09D9D8849A5E62BB5EBFDF9788D958F307E676D84AACB2236F979FC9286FC91B1135D4E4AE40F8B7DD2FF3365D7D9B648B8D9556D0B1A4CBB1DDF459CD8109253F2E6131BD358A74D2159145BE18BD1CEB7D58B7236083D22BD865DB4EBBE64585F7E31656A5F807294B807981CF20C2E3D4E22E3543B9E24CA91C5F82E948636FE66A32B8E17ACF4B4828CBB67971A8B743D973A2B075505CC252F66E1DA62FCB4298483906597C926A337D5EB14EC061EB6D38A629869B6CBB572D6BAE5AE5D6C7306766870037A224E322866BFF4766A06C7CB73982152C10374976F5FD",
"uid" : "<mi account ID>"
}
This is the last application data that miflash receives:
With "encryptData", miflash executes the following:
Code:
fastboot oem unlock "1f2ebb62_sig.data"
Something similar to LG's approach with unlock.bin.
I suspect that this file is temporarily created inside the miflash folder, then deleted once the command is executed.
So I think if we can save this file or the code inside it, it will be possible to unlock the bootloader without miflash the next time we want to unlock the bootloader.
I searched for "1f2ebb62_sig" on Google and didn't find any results, so I hope that we can find something.
All this information is present inside of the file "C:\Users\%USERNAME%\AppData\Roaming\Xiaomi\miflash_unlock\Log\miflash_unlock.log"
[EDIT] As pointed out by @natinusala the 1f2ebb62_sig file contains the serial number in the name
[EDIT] Token var changes every reboot
[EDIT] Progress has been made, check these GitHub repos:
https://github.com/penn5/miunlock
https://github.com/GiorgioUghini/miunlock
Can it skip the waiting period?
kouseralamin said:
Can it skip the waiting period?
My guess is no. You see, it must hit an API behind Xiaomi's server, which returns some encrypted data. It's simple for the API to respond with 4XX and the number of waiting hours, i.e. the wait mechanism is protected on the server side.
leledumbo said:
My guess is no. You see, it must hit an API behind Xiaomi's server, which returns some encrypted data. It's simple for the API to respond with 4XX and the number of waiting hours, i.e. the wait mechanism is protected on the server side.
This is still interesting to me. I will keep my eye on this project.
kouseralamin said:
This is still interesting to me. I will keep my eye on this project.
We could try a direct firehose method.
Hi. This is a wonderful discovery. Have there been any updates to this project recently?
if crack fastboot????
if error token then flash unlock oem
Here, a working version of the tool.
GitHub - Canny1913/miunlock: A program that can be used to retrieve the bootloader unlock token for Xiaomi devices. (and unlock the bootloader)
Binding time limit cannot be bypassed since it happens on the server-side.
To get the xxxxxx_sig.data file is quite easy....
The problem is that if you relock the bootloader the TOKEN changes so the xxxxxx_sig.data file becomes useless.
Zibri said:
To get the xxxxxx_sig.data file is quite easy....
The problem is that if you relock the bootloader the TOKEN changes so the xxxxxx_sig.data file becomes useless.
How exactly do I get it?
Zibri said:
To get the xxxxxx_sig.data file is quite easy....
The problem is that if you relock the bootloader the TOKEN changes so the xxxxxx_sig.data file becomes useless.
How to do it? Can you explain?
Can I unlock it without adding a Mi account to the phone?